package cn.janescott.inner.space.admin.config;

import cn.janescott.inner.space.lib.boot.properties.SpringBootAdminProperties;
import cn.janescott.inner.space.lib.web.security.SpringBootAdminWhiteListHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 安全配置
 * Created by Scott on 2018/7/20
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private SpringBootAdminProperties adminProperties;

    @Autowired(required = false)
    public void setAdminProperties(SpringBootAdminProperties adminProperties) {
        this.adminProperties = adminProperties;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SpringBootAdminWhiteListHandler.handle(http, adminProperties);
        http.authorizeRequests().anyRequest().permitAll().and()
//                .authorizeRequests().anyRequest().authenticated()
//                .and()
//                .formLogin()
//                .loginPage("/dashboard/login")
//   //               .successHandler()
//                .permitAll()
//                .and()
                .logout().logoutUrl("/dashboard/logout").permitAll()
                .and()
                //这个必须添加，否则客户端注册不了(因为客户端使用POST请求注册自身的)
                .csrf().disable()
        ;
    }
}
